Re: [lisp] Restarting last call on LISP threats

Brian Haberman <brian@innovationslab.net> Mon, 16 June 2014 18:50 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/lisp/TXZr6uOe24wm0o7rMenHxZlJxsE

Hi Joel,

On 6/16/14 2:43 PM, Joel M. Halpern wrote:
> My understanding is that security-oriented threat analysis documents do
> not generally, and the charter item for this document does not
> specifically, call out mitigations.  Mitigation is, as your comment
> suggests, a complex tradeoff as different mitigations have different
> costs and different efficacy.  So the tradeoff in using mitigation
> would, it seems to me, need to be in the document that proposes the
> mechanisms.

The charter work item says:

    - LISP security threats and solutions

My question was whether the WG plans to overhaul lisp-sec to describe
the mitigations/solutions to the threats described in lisp-threats or
just put them in one document.

Regards,
Brian